Closed FlexServ closed 1 year ago
MassimilianoPasquini97
commented
1 year ago Hi @FlexServ, this template work only using https on any port, are you using http?
Here how {$UNIFI.IP} is used on one of the three API resource used for fetching data.
FlexServ
commented
1 year ago Hi @MassimilianoPasquini97 , We have a linux vm with Unifi Controller software installed and our API address is: https://10.0.0.1:8443/api/auth/login
If i set the {$UNIFI.IP} macro to 10.0.0.1:8443 i just noticed the error message changed to:
The response code 401 did not match any of the required status codes "200"
This suggests an authentication error, but we can login to the Controller with that user/password. Even using a 'Super Administrator' account gives a: response code 401
Does the template support the Unifi Controller software on a linux host?
MassimilianoPasquini97
commented
1 year ago This template was designed for Unifi Dream Machine, I haven't tested with Unifi Controller software but probably could work.
Have you tried to access auth API using curl for better logging? If not try this step:
{
"username": "yourusername",
"password": "yourpassword"
}curl -k -v -X POST -d @body.json --header 'Content-Type: application/json' https://10.0.0.1:8443/api/auth/loginTOKEN cookie and responding with a JSON file with all information about user used on authentication. DO NOT SHARE JSON RESPONSE OR COOKIE TOKEN THEY MIGHT CONTAIN SENSITIVE INFORMATIONFlexServ
commented
1 year ago I'm no coder so i could be talking rubbish here!
Done some digging and the Ubiquiti Community Wiki says UDM has a different API login endpoint (and other endpoints need a prefix). The Art of WiFi github page UniFi-API-client project also talks about adjusting API URLs for UniFi OS-based controllers. It also references the API published by Ubiquiti.
Looking at the Ubiquiti published API, the login endpoint seems to be different: https://ipaddress/api/login
Using this endpoint with your curl command gives me an csrf_token cookie!
Could your template be adjusted to also be usable for non-UDM controllers?
MassimilianoPasquini97
commented
1 year ago This Zabbix template was originally design for UDM only for monitoring my own UDM I have at home.
I spin up a docker container of Unifi Controller on my local machine and I notice not only auth uri differ between UDM and Unifi Controller (how Ubiquiti Community Wiki say), but it use different cookie for authentication, at a previous look it use unifises and csrf_token instead of TOKEN used by UDM.
With some work this template can be modified for support UDM and Unifi Controller. When I will have some spare time I can work on it.
MassimilianoPasquini97
commented
1 year ago Hi @FlexServ, I have updated both template on dev branch:
By default it work for Unifi Dream Machine Pro, for using it on a Unifi Controller you need to modify those macros:
api/login.unifises.api/s/default/stat.Tell me if it work and keep in mind that not all items supported on Unifi Dream Machine Pro is supported by Unifi Controller VM.
FlexServ
commented
1 year ago Hi @MassimilianoPasquini97, Really nice, things are starting to work!
As you said, not all items are supported so there are quite a few:
Failed: cannot extract value from json by path "
": no data matches the specified path ...but this seems harmless as Zabbix automatically sets the item status to 'Not supported'
The only thing i got is some 'false positives' on the "Problem on WAN" and "Problem on VPN" triggers because the 'Unifi WAN Status' and 'Unifi VPN Status' is: unknown
Don't know if this could be addressed by adjusting the trigger ...i've just disabled them for now.
Thanks for adding this!
MassimilianoPasquini97
commented
1 year ago I have fixed false positive on the following triggers:
Al changes was merged on main branch.
How to define an alternative port (other than 443) for Unifi controller API access. Tried setting the
{$UNIFI.IP}macro value to something like:10.0.0.1:8443but that does not seem to work.